Jon Isaacson, Product Manager, Systems, at Indigovision says that cyber security, or ‘the security of your security’ as some in the industry are calling it, has been a hot topic in our industry for some time now. Isaacson looks at the history of cyber security and its entry into the physical security market to explore where it might lead in the future.
When we went from analogue cameras to IP cameras, just like going from PBX phone systems to voice over IP phones, we essentially ended up with a bunch of small computers sitting on our customers’ networks. Most IP cameras make use of Linux-based operating systems running on embedded computers, so they’re all likely to have some basic network security functionality inherited from Linux like the Iptables firewall.
To differentiate themselves, manufacturers began trying things ranging from bundled antivirus software to network switch integration for controlling port security to add cyber security value to their product offerings. It was great to see the industry taking steps toward incorporating cyber security into their network-connected products, but most were releasing products or features that only addressed one aspect of cyber security. As any cyber security practitioner will tell you, a holistic and layered approach to security is required for any degree of success.
According to Isaacson, 2018 seemed to be the year that the industry started taking this concept seriously, with most enterprise video management system software manufacturers releasing security hardening guides. These guides are meant to assist customers in implementing cyber security best practices to ensure their products are configured securely. Although these guides are written around a specific product, they typically address a variety of common security concerns from least-privilege user permissions to operating system updates and firewall settings. Even though some may view these guides as ‘just documentation’ rather than a new feature, implementing recommendations made by these guides will likely have more impact on an organisation’s security posture than a bell or whistle that only addresses one aspect of security.
The number of network-connected devices grows daily, as well as the amount of information available to management software. Video analytics aren’t useful if they don’t help the user make sense of all of the information available to them, and the same is true for cyber security products and tools. “I look forward to seeing these products evolve to provide more meaningful and actionable cyber security information to our customers, but in the meantime, be sure to consider reviewing your product’s Security Hardening Guide next time you’re looking for some reading material!” Jon Isaacson concludes.